
Vulnerability Identified in the dependency glob npm package #1733

Open
@kkpranesh

Missing Release of Resource after Effective Lifetime
Vulnerable module: inflight
Introduced through: sequelize-typescript@2.1.6 > glob@7.2.0 > inflight@1.0.6
Fixed in: glob@9.0

Fix: Update the glob npm package

Activity

comeonyo commented on Dec 16, 2024

Hello, I’ve encountered a similar problem related to the outdated version of glob used in sequelize-typescript.

Here are the details:

When running npm install, I receive multiple warnings about deprecated versions of glob:

npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported

After investigating, I found that sequelize-typescript@2.1.6 depends on glob@7.2.0:

$ npm ls glob
├─┬ sequelize-typescript@2.1.6
│ └── glob@7.2.0

The issue with outdated glob is critical as versions prior to v9 are no longer supported and may cause compatibility or security concerns. Additionally, warnings like these can clutter the installation process and make debugging more difficult for teams.

Would it be possible to update the dependency on glob to a more recent version (v9 or higher)? This would help prevent deprecation warnings and ensure better support for downstream projects.
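The chain reported in this issue (sequelize-typescript > glob > inflight) can be located in any project by walking the JSON tree that `npm ls --all --json` prints. The following is an added example, not code from the thread or from the sequelize-typescript project; `sampleTree`, `findPaths` and `belowMajor` are hypothetical names, and the sample tree is constructed rather than captured output.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output (not real project output).
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "sequelize-typescript": {
      version: "2.1.6",
      dependencies: {
        glob: {
          version: "7.2.0",
          dependencies: { inflight: { version: "1.0.6" }, minimatch: { version: "3.1.2" } },
        },
      },
    },
    rimraf: { version: "5.0.5", dependencies: { glob: { version: "10.3.10" } } },
  },
};

// Depth-first walk: returns every chain from a top-level dependency down to `target`.
function findPaths(tree, target) {
  const paths = [];
  const walk = (deps, chain) => {
    for (const [name, node] of Object.entries(deps || {})) {
      const here = [...chain, `${name}@${node.version || "?"}`];
      if (name === target) paths.push(here.join(" > "));
      walk(node.dependencies, here);
    }
  };
  walk(tree.dependencies, []);
  return paths;
}

// Keep only the chains whose final package has a major version below `minMajor`.
function belowMajor(paths, minMajor) {
  return paths.filter((p) => {
    const version = p.slice(p.lastIndexOf("@") + 1); // also works for scoped names
    return parseInt(version.split(".")[0], 10) < minMajor;
  });
}

console.log("inflight introduced through:", findPaths(sampleTree, "inflight"));
console.log("glob below v9:", belowMajor(findPaths(sampleTree, "glob"), 9));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`.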

avez-fsd commented on Jan 2, 2025

Having similar issue, getting the below warning from inflight.

This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

luanxuechao commented on May 22, 2025

Hi @WikiRik, could you help take a look?

Vulnerability Identified in the dependency glob npm package · Issue #1733 · sequelize/sequelize-typescript